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REMARKS 

Claims 1-3, 5, 7-13, 18-14, and 28-31 are currently pending in this application. 
Claims 1-3, 5, 7-13, 18-14, and 28-31 have been rejected. The response amends 
claims 1, 2, 18, 23, 28 and 29. Reconsideration and withdrawal of the rejections set 
forth in the Office Action dated December 19, 2006 are respectfully requested. 

Claim Rejections: 

35 U.S.C. S 103 Rejections 

Claims 1-3, 5, 8-13, 18-24 and 28-31 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Lewis et al. (U.S. Patent 6,233,565 B1) herein referred to as 
Lewis in view of Korn et al. (U.S. Patent 6,442,607 B1) herein referred to as Korn. 

The Prior Art 

Lewis teaches a secure transport for registration and password authentication, 
wherein "all purchase and refund requests will be digitally signed and encrypted for 
transmission from the host to the transaction server" (col., 14, lines 26-28). As 
examiner pointed out in the office action on 1/9/2007, such non-discretionary encryption 
in Lewis does not apply only to sensitive data in content. Furthermore, Lewis does not 
disclose allowing a user to specify which data are sensitive within the content that has 
been received from a client over a communication network and encrypting only those 
sensitive data specified by the user before the content reaches components in a server 
environment. 

Although Korn discloses identifying and blocking sensitive data within the content 
using pre-defined sequences or patterns, it does not teach enabling a user to specify a 
which data fields are sensitive at his/her own discretion. In addition, such data 
identification and blocking in Korn happens as the content is typed in by the client at a 
keyboard before the data even reaches the operating system of the client computer 
(col. 3, lines 8-10). Thus, Korn does not disclose allowing a user to specify which data 
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are sensitive within the content that has been received from a client over a 
communication network and encrypting only those sensitive data specified by the user 
before the content reaches components in a server environment. It may be a user at 
the receiving end of the content over a network, not the one who sends it, who is more 
knowledgeable and thus better suited to specify which data in the content are sensitive 
and should be encrypted so that sensitive data can be secured before the content 
reaches components in a server environment. 

Neither Lewis nor Korn teach checking the received content before it reaches 
components in a server environment, which is important for protecting sensitive user 
data in the content from being exposed to unauthorized access. Moreover, neither 
Lewis nor Korn disclose encrypting data at a point between the client and the server. 
This is significant because the client may not be aware of what should be encrypted, 
may not be able to encrypt in a manner that is usable by the system, may not be the 
best place for making encryption decisions, or may not be the best choice for other 
reasons; while the server environment may not be completely secure. 

The Prior Art Distinguished 

To render a claim obvious, the prior art, whether considered alone or in 
combination, must teach each and every element of the claim. Independent claim 1 
includes the language "receives at least one electronic transaction query from the at 
least one client computer via at least one secure channel" and "enables a user to 
specify, via regular expression, a plurality of fields of sensitive data to be encrypted 
within the at least one electronic transaction query before it reaches components in a 
server environment." Neither Lewis nor Korn disclose receiving an electronic 
transaction query from a client, selecting sensitive data for encryption, and encrypting 
the sensitive data prior to the sensitive data reaching components in a server 
environment. It follows that neither Lewis nor Korn disclose using a regular expression 
for selecting sensitive data in this manner. Accordingly, claim 1 is believed to be 
allowable over the prior art. 
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Independent claims 2, 18, 23, 28 and 29 are allowable over the prior art for 
similar reasons as claim 1 . Since claims 3, 5 and 8-13 depend on claim 2, claims 19-22 
depend on claim 18, claim 24 depends on claim 23, and claims 30-31 depend on claim 
29, claims 1-3, 5, 8-13, 18-24 and 28-31 cannot be rendered as being unpatentable 
over Lewis in view of Korn under 35 U.S.C. 103(a) for at least this reason, and 
Applicant respectfully requests that the rejection with respect to these claims be 
withdrawn. 



In light of the amendments and the preceding arguments, the applicant 
respectfully requests that the Examiner withdraw all other rejections and issue a Notice 
of Allowance. 

If the Examiner believes that a conference would be of value in expediting the 
prosecution of this application, he is cordially invited to telephone the undersigned 
counsel at (650) 838-4328 to arrange for such a conference. 

No fees are believed to be due, however, the Commissioner is authorized to 
charge any underpayment in fees to Deposit Account No. 50-2207. 



Correspondence Address: 

Customer No. 22918 
Perkins Coie LLP 
P.O. Box 2168 

MenloPark, CA 94026-2168 
(650) 838-4300 



CONCLUSION 



Respectfully submitted, 





William F. Ahmann 
Reg. No. 52,548 
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